General
Target: fec55dc938e0f7415e6fa52ff0c19dc9_JaffaCakes118
Size: 160KB
Sample: 240929-sc5hbayenl
MD5: fec55dc938e0f7415e6fa52ff0c19dc9
SHA1: 6e0b2183929ca5839afdbd0101d54fea07c4667b
SHA256: 284b3279185daa042edaff3dd1e2a05bafde4839b81692ade04d2db5b07b1a20
SHA512: eb7758418b1595466f9cceb23dca60f81aa0d40c2157fe6a50ac7db53d8f71721f2de89cd91e7486e61536c3c456b2edc869a23d6276d82e4dc5c7a77abdb02a
SSDEEP: 3072:5IU0JI4H2AKMi2VxpSVanVa1WWZuOSzU7AyemXLSg/9lvnvoUoAxF8+:5IUxRJP2VbSuo15ZuOSAkbZyvgU58+
Static task
static1
Behavioral task
behavioral1
Sample
fec55dc938e0f7415e6fa52ff0c19dc9_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fec55dc938e0f7415e6fa52ff0c19dc9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target: fec55dc938e0f7415e6fa52ff0c19dc9_JaffaCakes118
Score: 7/10

Deletes itself

Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

Executes dropped EXE

Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Drops desktop.ini file(s)

Suspicious use of SetThreadContext